Tag Archives: Cyberinsurance

Hospitality Industry Information Risks: “Cyber-Risk Insurance” Protects Businesses Against “Data Breaches”

…CFOs are looking for insurance against cyber threats. In the past few years,  cyber-risk coverage has become one of the fastest- Cyber Risk Insurance Graphicgrowing businesses for insurers…Businesses, government agencies, hospitals and schools in  the U.S. reported 343 data breaches this year through July, reports CFOJ’s  Maxwell Murphy. That exceeds the number reported in all of 2006 and puts 2013 on  pace for 588 breaches, the most since 2010…”

Data breaches have been on the rise after a dip in the past two years, and experts say the publicly disclosed breaches of computer networks may be only a  fraction of the total.

Cybersecurity used to be something that Ciena CFO James Moylan Jr. delegated. But now he spends as much as 10% of his time making sure  Ciena and its technologies are protected from hackers, cutthroat competitors and other potential cybercriminals. “With all the things that have been in the  news—hackers and, frankly, the Chinese—it’s all caused us to think about” how to cut the potential cost of a data breach, he says. The average cost of a breach  is about $188 per stolen record, and the average loss per incident is $9.4 million, according to a study last week from the Ponemon Institute.

For more:  http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-300092/

Comments Off on Hospitality Industry Information Risks: “Cyber-Risk Insurance” Protects Businesses Against “Data Breaches”

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

“…Seventy-three percent of small-to-middle-sized companies experienced a cyber attack in 2010, and 30% of those attacks were extremely effective, according to Symantec, a software security developer based in Mountan View, Calif…”

“…estimates are that this year…the cost associated with each breach has gone up to $214 per record…Negligence is a big issue,” “

With the increase in worldwide cyber crimes, smaller private businesses may be more vulnerable than larger ones, said an executive of Chubb Group of Insurance Companies. “It’s the perfect cyber storm,” said Ken Goldstein, vice president of the Chubb Group of Insurance Companies. “We’re in a bad economy; we’ve got private companies, generally small to middle in market size, that are strapped in what they can spend on intellectual property protection,” he said.

At the same time, he said, new technology means “cyber thieves can essentially hack from anywhere around the globe.”

Cyber crimes can do serious harm to an organization’s bottom line. According to Ponemon’s, the median annualized cost of cyber crimes for the 50 organizations studied was $5.9 million, with a range of $1.5 million to $36.5 million. This represents a 56% increase since last year.

“Multiply that by the number of customers that you service; it could be a sizable amount of money that a company would have to pay out of pocket,” Goldstein said.

The most costly cyber crimes are those caused by malicious code, denial of service, stolen devices and Web-based attacks, Goldstein said. Besides deliberate cyber theft, Goldstein says company information loss sometimes is a byproduct of employee negligence. An employee losing their mobile device at a hotel or restaurant, for example, could lead to a breach, he said.

For more:  http://www.fa-mag.com/fa-news/9382-smaller-private-companies-at-greater-risk-of-cyber-attack-.html

Comments Off on Hospitality Industry Information Security Risks: Most Hotels And Restaurants Have Experienced A "Cyber Attack" In The Past Year; "Intellectual Property Protection" Is Too Often Ignored

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology

Hospitality Industry Information Security Risks: "Cyber Attack Claims" Increase 56% Mainly Through "Rogue Employees, Malicious Attacks, And Mistakes By Outsourcing Firms"

“…The vast quantities of personal, identifiable information collected by the leisure and hospitality industry have made the sector a chief target for cyber attacks, according to Willis…with reports of a 56% rise in cyber claims over the past year….”

“…Rogue employees, malicious attacks, and mistakes by outsourcing firms appear to be the main culprits, with hackers getting ever-more sophisticated in their attempts to drain corporate databases of customers’ personal details…”

Willis warns that some breaches can cost in excess of $100 million and with more stringent data protection legislation coming into force, companies’ financial exposure to this type of crime will increase further.

“Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which helps to protect companies from penalties linked to the mismanagement of credit card data.”

For more:  http://www.insurancedaily.co.uk/2011/08/03/hospitality-and-leisure-attract-cyber-attacks/

Comments Off on Hospitality Industry Information Security Risks: "Cyber Attack Claims" Increase 56% Mainly Through "Rogue Employees, Malicious Attacks, And Mistakes By Outsourcing Firms"

Filed under Claims, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Cyber Liability Myths Exposed

By Brad Durbin – Petra Risk Solutions 

 

In today’s e-commerce society, operating your hotel without cyber liability coverage is like attempting to drive your car blindfolded on a  Southern California  freeway during rush-hour traffic. 

Here are three common myths and misconceptions I’ve heard repeatedly when discussing cyber liability insurance coverage with hotel owners and operators. 

Myth #1 – “I use the online reservation system offered by my franchise.  They’ll cover me if their system is hacked and my guest’s personal information is compromised.”

This is by far the most common misconception among hoteliers about their exposure and responsibility for a data breach. It’s easy to see why.  You are using your franchisor’s reservation system, which is offered as part of your franchise agreement.  Why wouldn’t they cover you if their system is hacked? 

The answer is in your contract.  While some franchise agreements are more favorable in this area than others, most contain special provisions regarding the use of their online reservation systems.  These provisions typically state that the hotel will be responsible for defending the franchisor and holding them harmless, regardless of whether the data breach came from within the online reservation system. 

The exposure is even greater for non-franchised properties using third party reservations system providers or wholesalers.  I have yet to come across a contract for these services that could be viewed as favorable for the hotel in the event that the reservation system is breached. 

 Myth #2 – “If a hotel guest’s credit card information is stolen at the property level, my Payment Card Processing company will cover me under their policy.” 

Most hoteliers erroneously assume that their Payment Card Processing Company (PCP) will have their best interest in mind in the event of a data breach.  I’m not sure why.  No business, regardless of how great or longstanding your relationship with them has been, will volunteer to pay significant attorney costs and consumer notification fees for you unless they are contractually obligated to do so.  Not surprisingly, most PCP contracts are heavily weighted in favor of the PCP provider regardless of where the data was taken from or if the PCP company is to blame.

Your liability is even greater for a data breach that can be traced back to the hotel property level.  If this happens, the Payment Card Industry (PCI) mandates that you conduct a forensic accounting audit of all your records.  These audits can cost $20,000 – $25,000 for a single location, limited service property. This amount does not include fines typical for any non-compliance issues discovered during the audit. 

Myth #3 – “Cyber liability coverage is a waste of money.”

Most states have laws requiring you to notify EVERY GUEST in your database upon discovery of a breach (e.g. California Senate Bill 1386).  Analysts estimate that the average cost for this notification is approximately $30 per record.  Multiply this by the number of records in your system, or the number of guests who have stayed at your hotel over the years, and you can see just how financially devastating these claims can become. 

For a typical limited service franchised property with $2,500,000 – $5,000,000 in annual room revenue, a cyber liability policy with a $1,000,000 limit can usually be obtained for less than $7,000 annually… an extremely fair price point considering the risks and hefty costs associated with a data breach.

Final Thoughts

When a hotel data breach occurs, guests won’t know or care that another company may be responsible.  They will come directly to the hotel for a remedy. The ENTIRE FINANCIAL BURDEN for notification costs, legal defense, and monetary settlement of all related claims may be borne directly by the hotel – if it does not have an appropriate cyber liability insurance policy in force.

To protect your hospitality assets, select and obtain cyber liability coverage that will address PCI fines, consumer notification costs, credit monitoring, and any government or regulatory action levied against your business in the event that a data breach is discovered.  Not all cyber policies include coverage for these areas, so it’s important for you to work with a qualified hospitality insurance broker. 

Securing proper cyber liability insurance coverage is a cost effective method for hoteliers to help mitigate the risks associated with owning and operating a hotel in today’s digital society. 

———————————————————————-

Brad Durbin is a Hospitality Insurance Specialist with Petra Risk Solutions. For questions about Hotel Cyber Liability or any other Hospitality Risk Solutions, contact Brad at bradd@petrarisksolutions.com.

Comments Off on Hospitality Industry Security Risks: Hotel "Cyber Liability Myths Exposed"

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology

Hospitality Industry Information Security: "Cyberinsurance" Has Evolved Into A "Must-Have" Insurance Policy For Hotel Management As Coverage Includes "Forensics"

“…some insureds get charged $1,000 an hour by a forensics firm. It’s paying the individual walking by your house burning down with a bucket of water…” 

“…used to really focus our underwriting attention on how well they could prevent the breach, but we’ve added another phase to it,” says Whetstone. “Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery plan or a business continuity plan. It’s the same with this incident response plan.”

“…cyberinsurance is a “must-have” for most firms today…”

Demand for cyberinsurance was rising even before the most recent highly-publicized parade of breaches at major corporations and organizations. After the news of the first major Sony hack but before the subsequent reports involving Sony, Citicorp, the International Monetary Fund and others, Insurance Journal spoke with an expert to gauge how the insurance market for this coverage is doing.

James Whetstone, senior vice president and U.S. technology and privacy manager for insurer Hiscox Specialty, is a former technology geek and broker turned underwriter.

Hiscox is one of the original underwriters of the coverage. Whetstone says there are almost 30 carriers now offering cyber liability coverage, some more seriously than others. He says these times of claims are when an insurer’s commitment to a market can be tested, citing what he calls the “naive” capacity that exists.

The coverage has evolved quickly– Whetstone compares the product’s acceptance to that of employment practices liability (EPL) coverage– to where cyberinsurance is a “must-have” for most firms today.

The underwriting has also changed. “We used to really focus our underwriting attention on how well they could prevent the breach, but we’ve added another phase to it,” says Whetstone. “Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery plan or a business continuity plan. It’s the same with this incident response plan.”

For more:  http://www.insurancejournal.com/news/national/2011/06/20/203166.htm

Comments Off on Hospitality Industry Information Security: "Cyberinsurance" Has Evolved Into A "Must-Have" Insurance Policy For Hotel Management As Coverage Includes "Forensics"

Filed under Claims, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Technology, Theft